I'm not an expert either, but i've studied it a little and tried some of these stuffs.
First, the attestor is not google. Google here only provides the infra (to generate proof and verify them). Let's call the attestor the issuer, and it's the trusted authority that gives you a proof of identity.
A possible flow is:
1. (pre-req) Some issuer (a state, bank, mobile operator, etc.) issues a signed credential to my wallet (stored on my phone, for instance). This could be a full digital ID, or a narrower “proof of age” attestation.
2. Later, a site asks my browser for a proof that I satisfy some predicate, e.g. age >= 18. The site provides the "zk-program" (circuit) that needs to be executed, and awaits for proof (which are essentially proof of executions of the program on trusted yet undisclosed inputs).
3. My phone generates (ideally locally, but not ready today yet) a ZK proof that it knows a valid issuer-signed credential whose hidden attributes satisfy that predicate. Essentially, it is executing the circuit with some inputs (some are public, like public key of issuers, some of private, like the issued ID)
4. The site verifies the proof against public inputs: the issuer public key, the circuit being used, the predicate being requested, and a fresh nonce/challenge.
So to answer some of your questions.
> Does the site know who I am?
Not from the ZK proof itself, it will know who has issued your ID.
> Does the site know my attestor?
Yes, it knows their public key.
> Does the attestor know what site I am visiting?
No.
> Does the attestor know who I am?
Yes
> Do I know who the site and attestor are, and when proof happens?
I guess there are multiple possible ways to do this, depends on the UX.
While I appreciate all the stuffs mentioned here, I believe they are missing something: people should *go vote at all the elections*, and advocate for a system-level change. Systemic resilience instead of personal habits.
Pretty much all their suggestions are to be applied on personal-level. And I agree with those. But they could be made 100x easier if there was some help provided by localities, municipalities & states. I'd love to know better my neighbors & exchange skills & objects, but i'd be much easier if there was a *free* repair-coffee in the neighborhood.
One example from the article: one of the suggestion for "hope for the best prepare for the worst" is "start a local repair cafe". But come on ! With what money ? With what time ? Where ? Opening a repair café is the kind of stuff is by nature non-profitable, therefore the business of the states.
All i'm trying to say is: let's just not forget that this is a political concern, and we can vote for these stuffs.
> ML assistance reduces our performance and persistence, and denies us both the muscle memory and deep theory-building that comes with working through a task by hand: the cultivation of what James C. Scott would call
Imagine being starting university now... I can't imagine to have learned what I did at engineering school if it wasn't for all the time lost on projects, on errors. And I can't really think that I would have had the mental strength required to not use LLMs on course projects (or side projects) when I had deadlines, exams coming, yet also want to be with friends and enjoy those years of your life.
Interesting project. Is the main value to "self-host your own ngrok", or is it to actually compete with ngrok using an open-source project ? If so how do you intend to monetize your project ?
Let me explain why I feel emotional about this. Humans had already proven how much harm can be done via online harassment. This seems to be the 1st documented case (that I am aware of) of online harassment orchestrated and executed by AI.
Automated and personalized harassment seems pretty terrifying to me.
This game gave me a real-life déjà vu. A few months ago, three friends and I spent a long weekend trying to build a Game Boy emulator from scratch in Rust. None of us had ever worked on emulators before—we basically gave ourselves three days to read the docs, figure things out, and ship something. It was chaotic but also educational and an absolute blast. Encouraging anyone that wants to learn a bit more about simple computers and assembly to try that ! If anyone’s curious about what came out of it: https://github.com/chalune-dev/gameboy
I haven't played the game so I can't answer for sure, but my guess is: if you are writing an emulator throughout the game, it's very likely you are guided to write one using OOP.
> My belief in this tech isn't based on marketing hype or someone telling me it's good – it's based on cold reality of what I'm shipping daily
Then why is half of the big tech companies using Microsoft Teams and sending mails with .docx embedded in ?
Of course marketing matters.
And of course the hard facts also matters, and I don't think anybody is saying that AI agents are purely marketing hype. But regardless, it is still interesting to take a step back and observe what marketing pressures we are subject to.
Yes, certainly agree. A few days ago here there was this blog claiming how formal verification would become widely more used with AI. The author claiming that AI will help us with the difficulty barrier to write formal proofs.
> * Programmers resistance to AI assisted programming has lowered considerably. Even if LLMs make mistakes, the ability of LLMs to deliver useful code and hints improved to the point most skeptics started to use LLMs anyway: now the return on the investment is acceptable for many more folks.
Could not agree more. I myself started 2025 being very skeptical, and finished it very convinced about the usefulness of LLMs for programming. I have also seen multiple colleagues and friends go through the same change of appreciation.
I noticed that for certain task, our productivity can be multiplied by 2 to 4. So hence comes my doubts: are we going to be too many developers / software engineers ? What will happen for the rests of us ?
I assume that other fields (other than software-related) should also benefits from the same productivity boosts. I wonder if our society is ready to accept that people should work less. I think the more likely continuation is that companies will either hire less, or fire more, instead of accepting to pay the same for less hours of human-work.
This is great ! Congratulations. I really like your project, especially I like how easily it is to peak at.
Do you plan on moving forward with this project ? I seem to understand that all the training is done on the CPU, and that you have next steps regarding optimizing that. Do you consider GPU accelerations ?
Also, do you have any benchmarks on known hardware ? Eg, how long would it take to train on a macbook latest gen or your own computer ?
First, the attestor is not google. Google here only provides the infra (to generate proof and verify them). Let's call the attestor the issuer, and it's the trusted authority that gives you a proof of identity.
A possible flow is:
1. (pre-req) Some issuer (a state, bank, mobile operator, etc.) issues a signed credential to my wallet (stored on my phone, for instance). This could be a full digital ID, or a narrower “proof of age” attestation.
2. Later, a site asks my browser for a proof that I satisfy some predicate, e.g. age >= 18. The site provides the "zk-program" (circuit) that needs to be executed, and awaits for proof (which are essentially proof of executions of the program on trusted yet undisclosed inputs).
3. My phone generates (ideally locally, but not ready today yet) a ZK proof that it knows a valid issuer-signed credential whose hidden attributes satisfy that predicate. Essentially, it is executing the circuit with some inputs (some are public, like public key of issuers, some of private, like the issued ID)
4. The site verifies the proof against public inputs: the issuer public key, the circuit being used, the predicate being requested, and a fresh nonce/challenge.
So to answer some of your questions.
> Does the site know who I am? Not from the ZK proof itself, it will know who has issued your ID.
> Does the site know my attestor? Yes, it knows their public key.
> Does the attestor know what site I am visiting? No.
> Does the attestor know who I am? Yes
> Do I know who the site and attestor are, and when proof happens? I guess there are multiple possible ways to do this, depends on the UX.